| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Mar 2014 15:39:00 +0100 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDVSA-2014:049 ] subversion -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:049 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : subversion Date : March 10, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been discovered and corrected in subversion: The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the svn ls http://svn.example.com command (CVE-2014-0032). This advisory provides the latest version of subversion (1.7.16) which is not vulnerable to this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032 http://subversion.apache.org/security/CVE-2014-0032-advisory.txt _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 25a0792c0644c3469694b1aed87920c4 mes5/i586/apache-mod_dav_svn-1.7.16-0.1mdvmes5.2.i586.rpm 5c4a0db4d471323f53b1062f495cc4d7 mes5/i586/libsvn0-1.7.16-0.1mdvmes5.2.i586.rpm cf1185d10113c2ba5bfa5be6bc2c0c47 mes5/i586/libsvnjavahl1-1.7.16-0.1mdvmes5.2.i586.rpm e3cc87ab3d41b46bf520bb292c12526f mes5/i586/perl-SVN-1.7.16-0.1mdvmes5.2.i586.rpm 27b585a2d79689d73233463841f2bc80 mes5/i586/perl-svn-devel-1.7.16-0.1mdvmes5.2.i586.rpm 0039001ca9d125bfb557cffcc2f5b8c5 mes5/i586/python-svn-1.7.16-0.1mdvmes5.2.i586.rpm 4776c4ae660efbbc357c3c35fc9bd01f mes5/i586/python-svn-devel-1.7.16-0.1mdvmes5.2.i586.rpm 6708ceca95968af6a53b6181278f8252 mes5/i586/ruby-svn-1.7.16-0.1mdvmes5.2.i586.rpm 261064f1e40912db8c0a863e0b907a6f mes5/i586/ruby-svn-devel-1.7.16-0.1mdvmes5.2.i586.rpm a115aab61321b6fa8180c0debfc2ebe2 mes5/i586/subversion-1.7.16-0.1mdvmes5.2.i586.rpm 942c99bfabaf203e5e10ac3ef394e63b mes5/i586/subversion-devel-1.7.16-0.1mdvmes5.2.i586.rpm 32096c5120feb2ea6ece0675ef24412a mes5/i586/subversion-doc-1.7.16-0.1mdvmes5.2.i586.rpm 35943db397129b7b6ab1ec48014356e8 mes5/i586/subversion-server-1.7.16-0.1mdvmes5.2.i586.rpm 377718f8801578a0a02afd21daa9d96d mes5/i586/subversion-tools-1.7.16-0.1mdvmes5.2.i586.rpm be6f8cc3ef11f7219f6a07824795ed41 mes5/i586/svn-javahl-1.7.16-0.1mdvmes5.2.i586.rpm f9511b3a764f7f5c0297b5c6478a05d5 mes5/SRPMS/subversion-1.7.16-0.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: fe630b13878ebd2eef2301836d42a833 mes5/x86_64/apache-mod_dav_svn-1.7.16-0.1mdvmes5.2.x86_64.rpm 34ea50c0238c1a71a0fb518ae81441a6 mes5/x86_64/lib64svn0-1.7.16-0.1mdvmes5.2.x86_64.rpm a18979e9ea94488d2862e725b91ac995 mes5/x86_64/lib64svnjavahl1-1.7.16-0.1mdvmes5.2.x86_64.rpm d186d26bf20b5b9cd6b6727f794b0747 mes5/x86_64/perl-SVN-1.7.16-0.1mdvmes5.2.x86_64.rpm ba6923c0cb1f53ac8c96b682df7e5711 mes5/x86_64/perl-svn-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm 18ef94dc37d3f7c4b161fdb71cb1900e mes5/x86_64/python-svn-1.7.16-0.1mdvmes5.2.x86_64.rpm e0615817d08e9bdc3151d8de7b6f88da mes5/x86_64/python-svn-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm 8f3f546f4b57e2e6fe2d951e02eafde1 mes5/x86_64/ruby-svn-1.7.16-0.1mdvmes5.2.x86_64.rpm 0dd7b95e42ebe58bc5a3a368142f7de6 mes5/x86_64/ruby-svn-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm da5acbb29a65970a911fdfd44e39e9d6 mes5/x86_64/subversion-1.7.16-0.1mdvmes5.2.x86_64.rpm e4ccfd66a649b933ecc7bfd1fdba686d mes5/x86_64/subversion-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm 074511092d7547f4c01f7820c4a00cab mes5/x86_64/subversion-doc-1.7.16-0.1mdvmes5.2.x86_64.rpm 2cada523fcd8673de0fb2f99de60dad6 mes5/x86_64/subversion-server-1.7.16-0.1mdvmes5.2.x86_64.rpm 0f435f9026b9460c5be686a4d8218350 mes5/x86_64/subversion-tools-1.7.16-0.1mdvmes5.2.x86_64.rpm 933d8dfd42cdd71c6d43b7bec209a5e7 mes5/x86_64/svn-javahl-1.7.16-0.1mdvmes5.2.x86_64.rpm f9511b3a764f7f5c0297b5c6478a05d5 mes5/SRPMS/subversion-1.7.16-0.1mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 5095fc2f7b63d2374ba366051a873b58 mbs1/x86_64/apache-mod_dav_svn-1.7.16-0.1.mbs1.x86_64.rpm 633a46f34b6da14ddcab055dcc7b43c6 mbs1/x86_64/lib64svn0-1.7.16-0.1.mbs1.x86_64.rpm 1ca8f4e33ce81302d36912ed217f80b3 mbs1/x86_64/lib64svn-gnome-keyring0-1.7.16-0.1.mbs1.x86_64.rpm f70f985409153583212517dbada5ab0b mbs1/x86_64/lib64svnjavahl1-1.7.16-0.1.mbs1.x86_64.rpm ed488e73c53881ada31cba91eab5b086 mbs1/x86_64/perl-SVN-1.7.16-0.1.mbs1.x86_64.rpm ed510f571e41eb525e342ec597d1cfbe mbs1/x86_64/perl-svn-devel-1.7.16-0.1.mbs1.x86_64.rpm 6d4359f416b2a54ea9bb54275bc9cff2 mbs1/x86_64/python-svn-1.7.16-0.1.mbs1.x86_64.rpm 406091c32bc4423da6afccf201e27ffb mbs1/x86_64/python-svn-devel-1.7.16-0.1.mbs1.x86_64.rpm 6ccff4806cb52a1694387c97c9b9e016 mbs1/x86_64/ruby-svn-1.7.16-0.1.mbs1.x86_64.rpm e5d7242d92ca6ea497a308f7b34fe207 mbs1/x86_64/ruby-svn-devel-1.7.16-0.1.mbs1.x86_64.rpm edb6502354863c56f29e7e65d75a21df mbs1/x86_64/subversion-1.7.16-0.1.mbs1.x86_64.rpm 71f817eda62ba04e639137541f85a7a1 mbs1/x86_64/subversion-devel-1.7.16-0.1.mbs1.x86_64.rpm 1daf40a5cb7aff387e9cd52eaf5cec1a mbs1/x86_64/subversion-doc-1.7.16-0.1.mbs1.x86_64.rpm da9f368e0f57688ad2727cf8f38650bb mbs1/x86_64/subversion-gnome-keyring-devel-1.7.16-0.1.mbs1.x86_64.rpm 2e96f1e645fe8ee6b398161e1cf1bd8a mbs1/x86_64/subversion-server-1.7.16-0.1.mbs1.x86_64.rpm aef744152ee3c6f2298dca3ce64a3365 mbs1/x86_64/subversion-tools-1.7.16-0.1.mbs1.x86_64.rpm 9e3a148929cbbcdaeffdc74f5082abf8 mbs1/x86_64/svn-javahl-1.7.16-0.1.mbs1.x86_64.rpm b480b905c3a423649991f29d8853a006 mbs1/SRPMS/subversion-1.7.16-0.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTHaKgmqjQ0CJFipgRAnvPAJ9MZ1sKSMshIi2uRtzVu63Jgpa1vACgosTF HKgtP0IPcxhUN9djE9HZwsk= =EunO -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists